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WHAT IS CLAIMED IS: 



1 1 . A method for determining and enforcing security policy in a 

2 communication session for a group of participants, the method comprising: 

3 providing group and local policies wherein each local policy states 

4 a set of local requirements for the session for a participant and the group policy 

5 represents a set of conditional, security-relevant requirements to support the session; 

6 generating a policy instance based on the group and local policies 

7 wherein the policy instance defines a configuration of security-related services used 

8 to implement the session and rules used for authorization and access control of 

9 participants to the session; 

10 analyzing the policy instance with respect to a set of correctness 



H 11 principles; 

13 enforcing the security policy based on the rules throughout the 

mb? 14 session. 

y i 



5 * 12 distributing the policy instance to the participants; and 



1 2. The method as claimed in claim 1 wherein the step of 

ft* 2 distributing includes the steps of authorizing a potential participant to participate in 

p 

j; 3 the session based on the rules and determining whether the potential participant has 

4 a right to view the security policy. 



1 3. The method as claimed in claim 1 wherein the step of 

2 analyzing verifies that the policy instance adheres to a set of principles defining legal 

3 construction and composition of the security policy. 

1 4. The method as claimed in claim 1 wherein the step of 

2 generating includes the step of reconciling the group and local policies to obtain the 

3 policy instance which is substantially compliant with each of the local policies and 

4 wherein the policy instance identifies relevant requirements of the session and how 

5 the relevant requirements are mapped into the configuration. 
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5. The method as claimed in claim 1 further comprising verifying 
that the policy instance complies with the set of local requirements stated in the local 
policies. 

6. The method as claimed in claim 5 further comprising 
identifying parts of a local policy that are not compliant with the policy instance and 
determining modifications required to make the local policy compliant with the 
policy instance. 

7. The method as claimed in claim 5 further comprising 
preventing a potential participant from participating in the session if the policy 
instance does not comply with the set of local requirements of the potential 
participant. 

8. The method as claimed in claim 1 wherein the step of 
enforcing includes the steps of creating and processing events. 

9. The method as claimed in claim 8 wherein the step of 
enforcing includes delivering the events to security services via a real or software- 
emulated broadcast bus. 

10. The method as claimed in claim 8 wherein the step of creating 
events includes the step of translating application requests into the events. 

11. The method as claimed in claim 8 wherein the step of 
enforcing further includes the steps of creating and processing timers and messages. 

12. The method as claimed in claim 1 wherein the set of local 
requirements specifies provisioning and access control policies. 

13. A system for determining and enforcing security policy in a 
communication session for a group of participants based on group and local policies 
wherein each local policy states a set of local requirements for the session for a 
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participant and the group policy represents a set of conditional, security-relevant 
requirements to support the session, the system comprising: 

means for generating a policy instance based on the group and local 
policies wherein the policy instance defines a configuration of security-related 
services used to implement the session and rules used for authorization and access 
control of participants to the session; 

means for analyzing the policy instance with respect to a set of 
correctness principles; 

means for distributing the policy instance to the participants; and 

means for enforcing the security policy based on the rules throughout 

the session. 

14. The system as claimed in claim 13 wherein the means for 
distributing includes means for authorizing a potential participant to participate in 
the session based on the rules and determining whether the potential participant has 
a right to view the security policy. 

15. The system as claimed in claim 13 wherein the means for 
analyzing verifies that the policy instance adheres to a set of principles defining legal 
construction and composition of the security policy. 

16. The system as claimed in claim 13 wherein the means for 
generating includes means for reconciling the group and local policies to obtain the 
policy instance which is substantially compliant with each of the local policies and 
wherein the policy instance identifies relevant requirements of the session and how 
the relevant requirements are mapped into the configuration. 

17. The system as claimed in claim 13 further comprising means 
for verifying that the policy instance complies with the set of local requirements 
stated in the local policies. 

18. The system as claimed in claim 17 further comprising means 
for identifying parts of a local policy that are not compliant with the policy instance 
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3 and determining modifications required to make the local policy compliant with the 

4 policy instance. 

1 19. The system as claimed in claim 17 Anther comprising means 

2 for preventing a potential participant from participating in the session if the policy 

3 instance does not comply with the set of local requirements of the potential 

4 participant. 

1 20. The system as claimed in claim 13 wherein the means for 

2 enforcing includes means for creating and processing events. 

1 21. The system as claimed in claim 20 wherein the means for 

O- 2 enforcing includes a real or software-emulated broadcast bus to deliver the events 

O 

P 3 to security services. 
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1 22. The system as claimed in claim 20 wherein the means for 

2 creating events includes means for translating application requests into the events. 

1 23. The system as claimed in claim 20 wherein the means for 

2 enforcing further includes means for creating and processing timers and messages. 

1 24. The system as claimed in claim 13 wherein the set of local 

2 requirements specifies provisioning and access control policies. 
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